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(57)Abstract: 

PURPOSE: To provide many elliptic curves which are 
embedded in a finite body, can not be solved, and are on 
definition bodies having the same number of bits. 
CONSTITUTION: The open key ciphering communication 
system is based upon the difficulty of the discrete 
logarithmic problem of the elliptic curve; and the elliptic 
curve which is necessary for the open key ciphering 
communication system for an optional prime number (p) 
is constituted while having the finite body GF (p) on the 
definition body and (p) elements on the finite body GF 
(p). Therefore, when the elliptic curve E1 on the finite 
body GF (p) is given, #E1 (GF(p))=p is satisfied, so prime 
factorization is not necessary. 
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[1S*1S1] MtfcLfca«**E (GF (p) ) 0) 
5S i: 3US £ ft* - * I- * l J *&&5HI£ L- < I* Bit £ 

p^iatu ^EffGF ( P ) **«w=*-3«n* 

gE(OGF (p) -t<D5c-C-*§jS£*X-i>?l£ E (GF 
(p) ) ft%t$. 

E (GF (p) ) ro7cCD®&*<pl=*-5«k-5l-*SRft& 
IttBE (GF ( P ) ) ±.JEBS4i*«1IM>«fcnB©BB 

£ t»BBB««**©ft±tt©*» ,:: *' :>:: * *» 
[ig*3a2] gf (p) scBttct^wnttBE 

dl=«ky***aMSCHd Cx) = 0<7>p£i£i:Lf= 
St. 

[fS*JS3] A=X*Q ( <-d) 1/2 ) a>Hft*<l 

fe&BBvtvaflrad. 

[O 0 0 1 ] 

[££±a>¥4JB&B] *»w**«ft**ifc1W**4*B 

[O O O 2] 

fit, CflMMMMH**!!!^. fctxiSlS^*< 

4S*ifciut. *je<DB«»*ia*n=»«i»>**B 

IjgftBfcHffl u— 9 s — t -r roit Lffi L^roJCffl^t^ 
[0 0 0 3] cro^ii?Mii&#<D£±tt(BSffliKii 

LtfLtf*»W»»±«>»1l!t»aB« (DLP) ttBB 

I*, «*tf. -f. Av/n » "^^^^ ^ 
p^UAX -f> 'J TK/O* 

h' 88. Wf-*—S—\~ ^> =i>tin.—5 — 



403 (1 9 8 8) . ->a.^'J SIS 
2gff 77 ^9 3^ (E. Bach. "Intractableproblems in 
nunlber theory " . Advances in Crypto I ogy-Proceedi 
ngs of Crypto '88. Lecture Notes in Computer Scien 
ce, 403(1988) . Springer-Verlag. p77-93 (ftfc. & 
Tl:6l»T.- 7Wr*v K B**B*l*BWfcL"C 
«B**-C*-T. fcfc*L. wai=-tffl>*©*t-BBt*IB 
Lx-StOs BfcliflBeroK-f^Bfcfelti^A-^h 
•V>Weil (77>XA) . SpringerSJS (K-1"V) I± 

m^ae^fsft 1986* fiiBKa^^ 

TLX*. BIT. *Bpr»»fcL"C*B#*B^fc** 
fcl= C©4*BB«t#*«H Lfc«*M®l*** 

(*«i*±a>»llk»*B«) p*«*» GF <'p> * p 

GFIi*'o7ft, Galois FieldOTgl*) . g**0>-0> 

bia« (g*P-nttttc»t. ^ommopZ&i 

tf -Si!***"" tft'SaESife) , a$1gagp-lS 

ft*>"fc« a = g a (mod p) g 
tpiatfrbff S*»4©l*Sa"e*4* < g <t p t a 

[0004] cHi*, S»ti^fc^-cii, S^tEteS 
>fd^->3> r-^ -y=->*y- ■*->/<- 

X" 't?^^7t- /<— S'T-f 3fl/X*fT (G. 
H. HARDY ft; E. It WRIGHT* " AN INTRODUCTION TO 
THE THEORY OF NUMBERS " OXFORD UNIVERSITY PRESS36 
ff) . » -«5S?Bata««" *ttlHKB 

ft 193 1* »l=*B»tt»U<l*nil*ttl=»B4 

[0 0 0 5] 01$t.tl-. c<08HBaS(0Ii 

»*5*t*2o©»«pi:Bfc*3.-*l=»"-*"*- ^ 1 
ICJ3LXTI*, *yjW*»l=l**«fcL-C1 1. 

■^A, Bli#>SrA<im±P-1KlTO)l8S@<!:Wt3+L* 

l*=&SA<»Sl-«»-r-&. B1l=fe^"CI*al*4. bl* 
8T-fe-5o L-Ax-S^. 3.— •fAI*p*ftfr*«ffl«» 

amiHtz&a (a=g a (mod p)) $3.— 9=B 
j.— 9=BI±p^ai:-r-&g<Db^<nfa*fc-5/S (5 



(3) 
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= g a (mod p) ) tfAIZfcie>-t*\ t<D±X 

mmitx&mti^ti&pzmt-t&go (axb) m. 

wmmtz&k (k = g a • b ( mo d p) £##). C 

•5. 01 lrfct^TI*al*5, £l*3. k(£4T?&& 0 
[O O O 6] 

CClr k = g a • b (mod p) 
= ( g a ) • b (mod p) = cr b (mod p) 
= (gb ) • a (mod p) =B a (mod p) 

-C#aick£fi+SL*.-&„ L*>L. S=fl:ioTtt> 
SSSa. baHv$**l4,»iy*#fcl*fc#>, pkctkPfr 

[0 0 0 71 COJfcft. 3.— y=A. Bii^o^^etw 
X€fc«««>a9l=J:y7'f v$UHt*4xfc±T?fcf-;/ K 

antiihi . h2 . hi jS4 2ii^©s»ffia)jSHi 
G>mmt#-t < ti£&. *cx. j.— tfA. Bi*fce,*Ni:«> 

*iS!t«S'(b*4xfcltahi . h2 « hi SI=S5#03* 

S„ »ffiffc<D#Si: Ltl*. CT^Iia2lc^-r«fc'5l=;. 
(Dhi xk, h2 xk» hj x k. ©hi + k» h 
2 +k, hj +k. ®h£kkmCtfi&.0&mkL 

fc±-eh©ftffi©!afii (oxiti) ^ss-r-Skrotii© 

»fit*<OJS<=>-tO>£* (0I*0©£*. 

, 1 <ce>a»i=-r-5 (oftbitu i$f>ott 

fiffl^ffiffl-r-siey^^&y s.-5ro-efci>*<. m=si* 
3.— *f a 4: j.— y= b n&mm k y ^£ei % 3i l < liss 

[00 0 8] si;. c<Daa*a«*<6©3.— c. d 

1 Kl-hp- 1 KlTCD«3Ba>S»c. d$IS 
©iB®@<!:LT##L. *B£I=b> • b . g a • c , g 
a • d . g b • c . g b • d . g c • d 

l x agnasts £ &m l x<n ®&&m $ ts.t =. t *>< 



-efes. -rof=tf). a— "frogs (SHSJiaA. >HSc) 1? 

flxtfa— (fAliiEff)iBSaag*^i: 
a' 1=. Sl=¥*&l=a" l=fcl*5-5»3l=£S*- &=-t 
l=*U. ©®tt<D-BOli*:tSti-i>. -tLT. C©i§ 
^. i££fcS3St&p*<ft#:*#l-Hvl;f. »a— y=©»® 

ajwasi=-a-r4t?a>*S£*£i:«t*. mm*,* m 

y. »*tft##<D^*<fijfflu*-sttai$*-rci:A^fi6 
«*jsi=«#8h* ^iiA/fc'ir i? a @s Lr 

Kit. tt*l=ttRMim-¥>*mil«!MMbl/!:±-Ctt 
<litt£tt*l=JI4:<&tO&L-C&l*t*. U— «f— T-f 

x^s«yaiLfctt5?i=«fc*^jia, »*.aiLSf(D5Sit 
<?$mnx*mvmLtzm&i*. fct*c«ju- tf-^-r 

^SflJiy 111 UfcS^I=l*C<©E1SA<SS!lWI=>HS.*-5«J: 
«!:^:e)^^A^te^^t^-t. JS^SS^'&'rUe^aVtt^ 

m^omfux-mm^ grM<syaua>fc<&ro«?s:©aff 
©fat's y ^<DWi^o>mmt ts.z> c t^rofc^fflit 

[0 0 0 9] ST, fel±<7)iftKt?^-5ri:<**B^|z 

^BS@Bt#as^3£©MS^>s^Kiis^'e&y. n&i- 
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©«s#. *»ti* o*fc"c«=#i=**H* fc "^* c 

*BliXPJ:S1»W3- 1 99 1 48*1-. (53-2 2 
7 1 2 5#. 1^3-3 1 8 8 1 6-^. 864,fc**Vtl* 
ft. tt-a-C. *««»l=l* 3 

- 1 |*****H***fc * 5 l=»E1-«»©»«*<t 

■r ft n- fe y * ^ c 

u<**. ©a^ro^si*m=# 

l=j:4a** < <I>©:&*«=H* l '" c * p *" cfc * 0 '- <7>fc 
fc*W**tiTHft. Hb* 

jbrofifcJS £ ■ 4 fc to#=fra <*> -» "«? * * 1 & * * * 14 
a*WBW=*-* = fc*. frfMHWU-*-**** 
L til U=» LTOBBB* 6 

[ooio] *i=. **Bt4-ri=aofc^*i6oa* 

y-teMi-is^-r-i.. -SSI". =SrfKpr«P-t0>&1ife*iSSt 
' ISSfeitff. ©B»ttl=*"^ < ^BBftBt 

-r«nw!>«tt. fca*=a*«tt*a 
tL-c*c*i.*a*L-c**oa«iMi*a»"*"*- t 

ft. 



[00 11] fcwft-C. 8l±»WUfc*«*-t®»*** 
ftBHI****** P ttOil**fl>** l J I- * *** 

GF (q) GF (q) B t 

B»tt<DBai*GF (q) <D-£*.&*lfc*:ylC»L."C:. 
y =gX fc)&ftg»x (OSx^q-D 

[0012] ^iE«:±fl)jstSk»»ras*m=#ro»a* < 

o «tt±©*# wMtelMi* ck 5 i=-r * - 1 -cfe*. 
c*ii*«na«)fr*3 y i^ffiffl-r * -tLiciat*tta* 

ftg&<!:LT■t©^i»£*£<"*"3 :li:,::^al6 ' r * ,, * 

izaja-e#ft. l*u croa^wtts. w=a«=-3 

b#b< * y o-DfcftcDA<^-c*fc y . in.vci*aa* 
a**L*:«H#i=«fc*a*. rtt^feBK^aai^* 

y jMafcl* 1 1* o TA&tf± C 4 . c li? -f - 

(1984). 587~58 41 (D. Coppersmith. 

"Fastevaluation of logarithms in fields ofcharact 
eristic two" . IEEE TRANSACTIONS ON IN FORMATION 
THEORY. IT-300 984). p587-584) l-f¥Ll*. 

[0013] a*. *a«>*B»±«>aiij[»RB«*a 
aL-cowaaa**!*. iHffi«««>ssi4A*»a-rft 

*B. «BCltttL-C*< <H%»ftlcl**»*HI=»* 

ft**X-&ft. 46. ^EB»:0)«SS*«ffl!l1ii®-«WS 
lit*. *6SlW-eiifc*A<. a*!**-; 

yi) >**-«J£*fT 1 934$ (B. L. Van der Waer 
den m " MODERNE ALGEBRA" Springer Slfr »IR 

rsg+tftis^j *»Ba«ff 1 9 59*) est 
t*. 

anftafl>«tt* >*Ba (edlp) 
*BW«»±©»»»*B«t«i*-*'*fc«>«>*-®* 
ai*. aRaa**a^»»fcL-ca^ft*a - e**. 

5,31- ij_ T>K ^'J^r-^^^-f-" ->i^y 
>7J-*J£*fr 1 9 87$ (. N. Koblitz. "A cour 
se in number theory andcryptography" . Springer-Ve 
rlag. 1987 ) fLt^-r. 5^—. "3.— X 

■r-f *'J?I-' 8 5. U^^-c- 

V -f> aVtfi-^ +r-fX>X. 218 (19 8 



(5) 
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6^) 7i77^. 4 17-426 

M (V. Miller, "Use of el I ipticcurves in cryptogra 
phy ff , Advances in Crypto logy-Proceedings of Crypt 
o' 85, Lecture Notes in Computer Science, 218(198 
6),Springer-Verlag. p41 7-426 ) ICS* L < &<< bht 

[0 0 14] #JRffiitgE (GF (q) ) {ZZ\ZEl* a 
n elliptic curve£5£l*L* E (GF (q) ) ItEOG 

f ( q ) ±^femzHtc&m&om&<D&ftvtz>& < > ) 

|cKRffl«i:lil ;A5c7— (Abel) fe 

^L^l^^c-tTfe^3b<K^■T?l^M^^:aa1 o>i*Kft 

5iil±T?&-5) ICI4Y2 =x3 +axX + b-C$*ll 

& e (cc(c, a, biasatticg-r^Tc) 0 c 

X" ( "INTRODUCTION TO THE AR I THEMETR I C THEORY 0 
F AUTOMORPHIC FUCTIONS" ) S&S/S. ^U>Xh>* 
3**fr<DS4m iU^fr;9 ~h — ^X (CHAPTER 

GF (p) 

y=g x 

(£dfc. ytgttGF (p) ©5e* 
xfcMSR) 



[0 0 17] *|CGl SE (GF (p) ) ±CDfia<D* 
ZtZTzttZo ZZ\ZG\tmm#G F (p) -C<Dg(Z>« 
SlSa5t(7>-C&So CO>B*. PtE (GF (p) ) A< 
YB =*B Gl 
f-t, i-fBI*xB £®&mtLT& 

[0018] ©BfrB-flS 

C1 = k G 
C2 =M+ k YB 
AliBlCCl , C2 £i£&o 



4 ELLIPTIC DURVES ) . 7>fti7-l 

3**v" tr^/N^if-ftSJMT iv» 

^t>77HW<;i/ (MARTIN EICHLERS "EINFUEHR 
LING IN DIE THEORIE DER ALGEBRASCHEN ZAHLENUND FUN 
KTIONEN" BIRKHAEUSER BERLAG &tTO>KAPITEL IV Alge 
braischeFunktionen Ueber Den KomplexenZahlkoepe 
r) . ItPt^m. «lUS *5 
*HBIS«ff 1 957* KB LI*. 

[0 0 15] UITIC. *S§KlC&$»ffi&<t^(Dl£ffl£ 
%xt, fti:MLfc«pSattW»*±«)x^ 

*r? jure^a-d < waao^ai-w cfc«Ha«± 

^■r-So S7li«Rft^$fl6fflLfc»SJl^ia)«l 

(«|Rffil8£<£Jf1 LfcWtta<t> 
(D@£f* 

<hh*gf ( P ) igBstitmniUESi-s. cc 
-r?. piisa-efc-So *SRfiSE(D^lfi{*GF 
(p) a>7c-e«MK£*i*W*E (GF ( P ) ) tS-Tc 

t\z-r& 0 gf (p) ta>a««)»iti*«Ta>ay"cfc 

[0 0 16] 
E (GF (p) ) 

fttt 

Y=G + G+- + G (xH) =xG 
(CJIfc, YtPBE (GF (p) ) 
Otg* xt4&&) 

Gi £G, B (E (GF (p) ) <Otc 
<hLfcfc£fc«SGx + G, «G X t 
G, tSHSSai (Gi =G» 
ICfctG, fc*3tfSE<D»») ^EiO 

LG, £2«*ft,&G 8 • 
(B3&M) . 

-IfBI*. ffiSCD&SxB *atf. E (GF (p) ) ± 

- [1] ' 

1 . C2 SftfiK-r-So 

- [2D ' 

- C3] ' 

[0 0 19] <3>aHHb 



(6) 
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M+ xB C1 =C2 
3C [1] ' . [2]' , [33 ' % [43 * (Dlvf*U7> 
SSStiE (GF (p) ) ±fr=b*U ¥XM, YB s Gl 
teflfRffiiSE (GF (p) ) ±CD7cfT^o 
[0 0 2 0] Z<D*4-*^fci*«t««L ±1S 

«-ei^5*f>ff«os»xB t-ykTt&mumtzZftFi 

&|g(D^S§G (xo . yO ) . ±Et?t^<i:6YB (x 
0 ^L<l4y0 *^&YB (xo . yO ) 

[0 02 1] Vl±<D&oIZ^ WIEt*:±a)7C^«iRffl8l-t 

^ric^cos^ti^ffiai^. *B{t±aBiifc*iKBBfr& 

*. *3»*ttpI***fcL. GF (p) SffBtt^U 

IgRffijgECDGF (p) Ji<7>5c-e±jS$*t£»£E (G 
F (p) ) <tL. E (GF (p) ) <DtcG1 Z^—^tf 

[0022] ZCDt^. E (GF (p) ) <D^-*.fc>*tfc 
7cYlC*tLT* 
Y= x * Gl 

t ftSSft x 4Wfit44 6 I* x ^ 5 HBO 

BH14lcS^<o «HI. ^*U*. q = P r 

Cl&L* GF (q) _t©EI=Ot^TtB«l=1i*"C# 

[0 0 2 3] #L\Z&<<Z>m&\Z±V±&<Dfim&n±<D 
IttkaJkliBBS^BBllWailSa^JtfflrftWSEA^fr 

(a) fl£3fe^"CI4. _h2ia> "Fast evaluation of logarit 
hms in fields of character istic two" <7)^"B{*±<0St 

{*±©«*»*BBfcBB«a>*±tt*&ii* »*rxr 

^tP*,SR{*GF (q) <lx^Ct^-C#-5o Z 

[0 0 2 4] (b) 4*M«»*M*St?l**G>K£tt* 

***fc«)i=. — 30>*apr»*a>aift»ftnar3BS 
*ao>»di=i*««»a>Kir*a>»icc(DBa^i: 

|-|4. »%*y|»jhfl!)HA^6SJB«^l*40lia>=. 
ST* *B*a>»6* -o©*a^*ql=»LT»H(* 

it— DL^a<. ca>fc»aiik»BBa*K3E-r*tBt 

£o -T«:t>%. G F (7) <DB*TI41 /*-f h (8=0 
S1 ?P«y*£LT*5fc**lC«|-Cfc4*^ GF 



... [43 • 

(7) £GF (17) l:SIt^t1/Wh$1^P'V 

In. LA^L. ttRttftaitd* -OCDStSfc^ql^JL 
T=flIB<*GF (q) ±0>ttRffiiaEl4aSlC&£O-C?. 

[0025] l^l. wnait±0MttttftBfla>ttJft 

F (q) 0>5cO><I»#E (GF (q) ) *<3 OffrELbG) 
:illi#E (GF (q) ) 

bg:-5PWfc^o CCOC^I^KLTIiStaCD "Acou 
rse in number theory and cryptography" l-ta^t) 

**«*"r*f=H:. SK»GF (q) Jt(D}SRE&SE£ 
ECDGF (q) <D7C<7)*i»#E (G F (q) ) 

*»-c«wi*<fe9f=«a-4"*cfc4<Bai^tt*. 

l*BHBS**4 ^ t &o 

[0 0.2 6] 4>BBB»#©ft±tta>««"Cfc*« 
«t»BBB*3e«-r**BW«»fc LTBSSttfcniMI 

«3lEBl 

HB*MM-«*BW«Sfc LtX-/^-v>^7(i: 
( fctf*L*»Rft«*tll*"*'**a-e**. S4lrc<D« 

0*7 >izX -<> ^'J^hP^ 3^ Pi/— T4><f 

^ > a^tfzL — 45 3 (1 99 
O) , vzl^U SIS. 2-13lo (A. Meneze 

s.S. Vanstone, "The i mp I emetat i on of elliptic curv 
e cryptosystems " .Advances in Crypto I ogy-Proceedi 
ngs of Auscrypt '90, Lecture Notes inComputer Scie 
nee. 453(1990). Spr inger-Ver lag, p2-13 ) fcPL< 

[0 0 2 7] IslTBSI^mv X-/^-y>^7tJ: 
li<i4«Ri»oi*a* 

®«RfflS<7)fgffl(7)*Ss 

(DflfRftScD^tia)*s 

^O)5i0GF (2) SSSftCtOX-z^-v^^i 
[0 0 2 8] E1 :y2+y = x3+ x +1 



(7) 
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E2 : y2 + y = x3 + x 
E3 :y2+y = x3 

«-*3RffitiEj OGF (2m) ±<D7tVmm£*l&UE 
El (GF(2m ))= {x . y eGF(2m ) 
E2 (GF(2m ))= (x . y eGF(2m ) 
E3 (GF (2 m ))= lx , y e=GF(2m ) 
CCr*oo|i^lga^*at-o Z(Dt£&E\ (GF (2 
m ) ) icliftlcift^Lfcrt <Jffl;iA<£«£*u 
^tftS^EW&SM-ft&o &i¥tD7cO><IS#E 
i (gf (20i) ) (i-fia<7>a^lclitm:3E»<BSfr?fc^ 

( i = 1 - 3) o ftfc* Z<7)S*livx-r. X-/^. > 
#Ei (GF( 2n» )) 2m +1-2(m+D/2 
2m +i+2(m+1)/2 
#E2 (GF( 2m )) 2m +1+2(m+1)/2 
2m +i-2(m+1)/2 
#E3 (GF( 2m ))= 2m +1 
©Sy§fttt*&Sm<D*£ 

(q) a>«»»»nm=J3i^r. q-i^tftsaa 

3>eaf-f>y P# 'J XAXt-/^- GF 
(P) 7>K ^U?K^77-f S/£f 

■<>7t->-V3> V^'J — T-fir^ — 24 

m= 1 9 1 <Dt£* #E3 (G F (2 
m=2510tf, #E3 (GF (2 

ta«Ci:4<^ofc. ftfc. Pi * P2 #*Btt?fc* 

»«Rft»*Cft6fr**t« = i: («*!<2l»1 + 1 
2 251 + 1 (7)iftS»(iS-/7^-r 2 • 1 9 1 • m+ 1 . 2 
• 2 5 1 • m+ 1 0)MtUZ>o ) . =1 V 

ta. . 42. 1 65. 297-3301, 1 984$ 
1 (Math. Comp. . 42. 165, pp. 297— 330 (Jan. 198 
4) iCTX-y^. 3— x> Rlf x*>^. ^f^'Ji. 
l/>Xh7 (H. Cohen and H. W.Lenstra ) ft<8MtlT 

u^4*a*i=«k y #B-cii«BE?rffi-cfc*. 

[0032] ckotE3 (GF (2191 ) ) ±a>$L&tf 
S£»p1 fcft&TC*'*— *#-f> hP fc-*-4«IRtttt± 
0)««»»HitiL<l*E3 (GF (2251 ) ) ±a>a 
8to<f£8Ep2 <hft&5c£^— X#-<>hP<tt"&tSRffi 
tt±a>ttttttKnfl€ft±1£attM= LfcaBMBrai 



j (GF (2 m ) ) £!*&CDcfc5ftSrCfc& ( i = 1 ~ 
3) o 

[O O 2 9] 
| y 2 +y= x 3+x+11 U [oo] 
| y2 +y=x3+x) U {oo} 
| y2 +y= x 3} U l«J 

;{,/<— -7> "ifT'J** MJ i'J?fr; 
£ Jj — Z?X n y-f-f-lA1 0 6. *>jl^U>^3 — 
-7i77^ — i— 3 — <7 1 9 8 6$ (J. H. Silv 
erman~The Arithmetic of Elliptic Curves" GTM106. S 
pringer-Verlag New York1986 ) ICR LI*. 
[O O 3 O] 
in case(m=1,7(mod 8 )) 
in case (m= 3, 5 (mod 8 )) 
in case (m= 1,7 (mod 8 )) 
in case (m =3, 5 (mod 8 )) 

1 9 7 8$. 10 6—11 01 (S. C. Pohl ig and M. 
E. He 1 1 man, "An improved alogorithm for computing 
logarithms over GF(p)and its cryptographic sign if 
icance " . IEEE TRANSACTION ON I NFORMAT I ONTHEORY. 
I T-24 (1978). pi 06-1 10) icPLl^o £C*TJ. *<D£o 
ftSP3^#tt-r*fc»«>«»+»ftftttE (GF 

( q ) ) 07z<bm»tf*£tzm&vmtL&^t'e$>z>o 

[0O3 1] *CT. (1) iC&^fcSrRffifSEj \Z-Z> 
l*T*a>5c0>«t#Ej (GF (2m ) ) *<;*#ftSt» 
t?Sltl^<t^l-m$*to^ 0 ( i = 1 -3) 

«Rffl®E3 OGF (2m ) ±<7>7C-e«J«**t&8f E3 
(GF (2«n ) ) <D7C<D®S<DffeB»#»£ff^*:f£S 
m ) ) =2191 + 1 =3 * pi 
m ) ) = 2251 +1=3 * 238451 * p2 
(Pi * P2 l**8k) 

[0 0 3 3] 

[3MBiWB»LJ:5fc'r«Bra] L*Ll99 1$lcft 

aicDjBtkWRBiBfcot^rttJi^wnftiioaBftG 

F (q) (0 6*ffi*«:GF (q6 ) JiCD^rRgfciCBJttftjl 

»»nBtiBWcft*. m-ottswia+^fts^tt^ 

Pf-5. ftfc. /<— *»*a9lc-3ivci** &IC&BJJ 

[0034] ^ct?^r»a^izoiN-cf8*icKK-r 
* 0 c*u*r. **-tf*. xx. ^T>^h— > ai; 

■x-f— . ^^E K "'JfaO-v^ XU^f^f 
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+F 2 20 7-a7)U X-f ->-lA ->>5^i?3. 
OA * v^'J- a>*a.— 

^f. 1991$ 80~89I (A. Menezes, S. Vansto 
ne andT. Okamoto, "Reducing elliptic curvelogarit 
hms to logarithms in a finite field" . Proceedings 

of the 22ndAnnual ACM Symposium on the Theory of 
Computing. 1991, P80-89 ) KPlXa^tVC^-S. 

[0 0 3 5] HMSfcOTS*!*. &^i-ttasn5i^u 

< i*<tawssaiso>sift. m^w^i*^^^ 3 -^ (Weil 

pairing) £ffiJH^S=k<&-efc5o 
IS^MIcSiWr-SirJaT©* 5 1^5. ft**- -OiSffi 

ma. «*. a. ww©**^*!**^"* 

aawMMT 1 9 8 5$ 
sir *^T*K«r**»iii=>**"** liMtw * w 

lcS&!Sa)S^I*«r^05 *> "THEORY 

OF NUBERERS- SU.<«tlS©J- H. Silverman 

(a) fttftK (Bilinear) 

e n (Si +S2 . T) = e n 
e n (S. T1 +T2 ) =e n 

(b) tl§?¥& (Identity) 

t^T(DTeE [n] ft£TI=«Len (T. T) =1 

(c) 3Ett (Alternating ) 

en (S, T) =on (T. S) "1 

(d) iftHfc (non degenerate) 

4T0)SSE [n] ft£Sl-*JLen (S. T) 

= 1 ft&li. 

en ( [d] S. [x] S+ [y] 



[d] s = o 

n | d 



* : E [n] O <S> 
I S (e <S> ) 



g "The Arithmetic of El I iptic Curves"l-S¥Ll^ 
[0 0 3 6] q£3t»'<£p r iLt.'tWflF 
(q) ±»4*lfctnMtEi:L. E<DGF (q) 

jLCD5£-e*J«*=rt*SSE (GF (q) ) tf*. *n 
fitful*, tfx-fa.** (Weil-pairing) *<ffS"r*o =. 

[0 0 3 7] C?x-<a.») n^IESatL. P i£l= 

m> -rft*?^ (n, P ) =i t-r*. 

. EJGF (q) ±jM**vfc*Htt*fcLE [n] = 

lE3P | n p=») tr*. t i '** 

(#E [n] =n2 "C*E [n] lijl/n//x»/nj(i: 

[n] xE [n] i^KDnia//n^fl)?« (ma 
p) en : E [n] xE [n] -* H n * 

[0 0 3 8] 

(Si , T) e n (S2 . T) 
(S. T1 ) e n (SI . T2 ) 

[0039] E [n] = <S> X <T> fT*. 

1 ^(Di:#. en (S. T) 14 1 (ORtt n 

«n (S. T)d=1 ft&tf 

nl*d05B». r<t*>*n I d "CfeSo ) 

Ve n (S. T) d =1 ft&o 

[0 0 4 0] C t£g(a) l=*y. 

e n ( [d] S. T) =1 

E [n] <7>ffift<D5cl* [x] S+ [y] TtSS 

T) =e n ( [d] S. [x] S) • 
en ( [d] S. [y] T) 
= e n ( [d] S. T) V 
= 1 

(V (a) . ») ) 
fcft*. 

2. en I*. E [n]©«»*<S> £ n COHPM* 

[0041] 

► // n 

te n (IS. T) 



■ nmi^MI*B^t>* x 

t\T. EDLP4<ifroJ:5l-L-C»**l-<fey^*H 

(Sti* (Algorithm) ) 
X*:PeE (GF (q) ) (order ) nOytt 



[0 0 4 2] JW=. =frfB<*GF (q) ©E*n*ffi*t* 
GF (q n ) ICKDnMf ntt^Stl*. 

<S> « * G F (q) 

-r*« Ml- <P> »RftW*. : R= I Pft*>£& 

I 

(1) GF (qk) 3^mft<5S'N7>iEg3&k£*Ohr 

(2) E [n] 3QS> E [n] = <P> x <Q> tft 
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(3) ±fBmf^S0lwJ:-5cf>^CDlg^^ 

<t> : <P> > j/nCGF (qk) 

I P ► on (IP. Q) 

<P> £=frE(*GF (qk ) o*pizm&>&tj\ 

[0043] 0 = 0 (R) =on (R, Q) 
cr = 0 (P) = e n (P, Q) 

(4) gf ( q k ) vonmtmram e = a\ ' * 

(5) i = i • £ai* 

CO^CO fflmit* (1) £ (2) -e&^o ( (3) CD 

(2) OINT. E [n] = <P> x <Q> < = > e 
n (P. Q) ^KDBJ&nSfi,):^ Q£l*yiSLt*<5 
lsia<D (n) /ntt>^T->^. (Mertens ) 
£y^6 loglog nlrfc£ 0 (CCICO (n) I*** 
7- (Euler ) OH»-e&y. n ^SlMcifc)!)^ n 1UT 
(7)iESSfeCD^<iSft£&t>t>-ro ) X. en (P. Q) <& 
5S^W*^^-CpTtB^(7>T^ (2) I*. « 

[0 0 4 4] ttlcRMtt (1) "Cf&^o w<7) (1) irgi 

■efcy. Eic^tur. ka<S"e-5-*.£;h&o — fs. 5* 

i&\Z^ GF (qk ) 3//n CClr, k 

<t. fl&*xfcy#<*W4::i:*<fc**. 
[0 0 4 5] Md. SCIS9 1 -C»^-«#-ra*t> 

FDLPt^i:^7^NPn C o — N P |C AS C £ £<BE 

C<tA^iiE^**tfco ZCDtzthB (GF (q) 3PH 

tfKlMzmtetZiZte. SrISttGF (q) 

G F ( q r ) ±a>S8gt»aPaaiC»SL"C«< CtA<T? 

[0 0 4 6] *#ClEA<*-/<— v/>^fi^itP^(i*X^a 
RftS (ED LP) <DS^IC(i^K(*G F (q) 
6M*(*GF (q6 ) JlCDgltkSaraa ( D L P) |C 

3 (GF (21 ) ) ±Ofita»arc3S!i=&©«:G F (2 
2n) ±aatmftNH£Ha&DttL»* -ffc*>*>S< 
*A^^*tl<**uf£lt»S. rc3&-S 0 -ta<o 

SE&i;*fi»nttt«)«a©*fc* aB*jft-ciMrBK*GF 
( 2 2n> ±o>ttflk»ftnatt 2n*5iee^na±ft 



it*t«+»35pje±tt*a«T?*ft^fct^tiTt^4. - 

tilcoi^TIi* BtSiCD "Fast evaluation of logarithm 
s in fields of characteristic two " < a^t* 

J:oT, tt*(D^*-CI*«IRtteE<7>Sai{* 
~C&£&IB{*G F (2n ) (Dn£2 5 6 fil-tOftd Lfc 
ltWi<t64t^fct&4. -S2 5 6W±(DnJBl4 
fc»41tia«4ii5ft B»fc* «-^<Dfc#>(DffiJl*< 

Kffl(=*9tt^**»di*»i-. aaa«4f»Ao>ajiEic« 

[0 0 4 7] *fc. GF (2) JL(0*§Rffl«S£»*{*G 
F (2n ) |rft*>±lf£u tto*.GF (2) ±<0«IR 
A@$GF (2n) ©ttnattt^iit^^tt'C^Wl 

**cosa(*±^e«-e#§aRtt»axiaiiG f 

(2) JKDX— /<— : »*a70«IHt8<D«ktHi: 
flft* 0*U 3flL**ttl\, $P>lCC<D^jS-eii. *SR 
IgEl^GF (2n ) <Btg<&<IS#E (GF (2n ) ) 

e (gf (2°) ) oiia»s^5-(?jD*^, *b 
S£ts«-r sac: * Hit *><± u « . 

[0 0 4 8] &&m2 

LT«***ifcanaaa>a*a*« 
s±tta>«»T?fc*«iiraBnB**B***Rw«» 

/\->yX <f > ^'J^hP* ^Dy-f-f 

P^'J^h' 9 1. U^^-V— 
-<>=l>tfi — ^— -9->fX>X, 547 (1 99 1 
dfc) , 3 1 6-3 271, (T.Beth.&: F. Schaefer. 

"Non supersingular elliptic curves for public key 
cryptosy stems" , Advances in Crypto logy-Proceeding 
s of Eurocrypt '91, Lecture Notes in Computer Scien 
ce, 547(1991), p316-327) \Z& L < iSi^&tlTl^&o 

[0 0 4 9] JSLTBBIw»LV C<7>ft*0q2<7>tflf$& 

®antt«a>aaa>as. ©ia4it**»m©a 

<DSRffl®^<S»^*S 

=&ISft:GF (2) *a-S 0 *CD— 0©WH»G F (2) 
±07-/<-i/^7t^l^P)*8$#^4o 
[0050] E4 : y2 + x y = x3 + x 2 +1 
E5 : y2 +x y = x3 +1 

S^Rffl^Ei COGF (2«) ±(D7C-e«Ua$H^8E 
j (GF (2<n ) ) CD7cC7>®a#Ei (GF (2»n ) ) 
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|**©*5I=«*. (1=4.6). 

#E4 (GF( 2 1")) =1 + 2 r - 
#E 5 (GF( 2 m )) =1+2 r - l(-1+ 

=&fcRfft»Ei |=^lvctt***m**<D 2 

, ( G F(2»)) 3S«*#tt**-e**l* (i = 4. 

V**2l«PHM* E « |=0l*T*05c©«#E 
■ (GF (2»> ) <Dfi*<»5!lB»£P i:L+ ^* SL 

t2 *-iltptMIW:tfc^ (,=4. 5) . 

[005 11 C*fr23 tt»»* ,= * 9E « (G ^i!. 
m ) ) ±©K»**&P.3B£*IE*G F (2« ) 

r»t***fc*i- cfc 

«P10I«E4 OTGF (2«n ) ±©56*****t*»E4 
(GF (2«) ) <D5c<D^©tSB»##£ ftofcfS * 
m=1 O7(0i:#. *E4 (GF (2">) ) =2*m» 

1I**«p3 ««B»l=*fc*«.^t**W Bt! * ,bb 
* l lS , 0 6 2l*oTE 4 (Q F (2l«))±«ttW; 

<0 -An improved alogorithm for computing logarithm 
sover GF(p) and its cryptographic significance 
©IWM>*OTt**fc«K *«*GF (2H : I On*1 

#<i5i:*fc*a.&*U ntf*#<***. 

[0 0 5 3] *fc***MfcR»- GF < 2 > ±(01 * R 

(2 ) ±(0iRiS$GF (2n ) ±©«n**t*« 
ro{ iai*GF (2) ±«*-/<-*>**9-c*ij«n 

tffc*. = ffinfflSEOGF (2" 

<D»<Dflft#E (GF (2H) ) #3 0«JiLtfl>**l' 



-7)1/2 )/2} ■- l(1-(-7)1/2 )/21 «" 
(-7)1/2 )/2 1 ■- t(-1-(-7)V2 )/2) 

[0 0 5 4] *JMHI*. J!LtlttWLfcfl6*«l=6"+*a 

p. iWW|10»lll=et^l*. »«*Lfc»«**E 
(GF (p) ) eD*fc«*«rt- = *'=*»»* M * 

■C P **RfcU WS<*GF (P> tMKfc** 3 * 
pitt«E<DGF (P) ±<D7C-r-«tfiE^^«»S^E (GF 
(p) ) fcf 4fc#. E (GF (p) ) ©w©«tfP 

,=***^i=*n-«Eei:y. ^e (gf (p) ) 
[0O5 6] «*a2©»wi=fc^t:i*. «**n»» 

[0 0 5 7] BUMI3©*WI=*^*- W**2»« 

[0 0 5 8] 

HWB] 1 &tffS*JS 2<D*W=*^*- »» 

«rlt«^««3F (P) « l **<" C **:"?!i 

(DaRfflSEOGF (P) <D5b-C«**fr*»* E (G 
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F (p) ) ttZtZ. E (GF (p) ) 07tO)®&tf 

gf (p) om&tKiMzmvtti^oiz^ o*y P ic 
tez>&o\z8m&me&t%>o fur. zo&oftmFi 

(2) oin^i^^o 

[0 0 6 0] *fc. ^RgftGF (p) ±CDtSRftfSE<D 
GF (p) (DTtT'tmtStL&UZE (GF (p) ) tt 
&f£. E (GF (p) ) C!>5c<DflftA<p(::tt4£5tt 
Eli*(7)J:5lCLTet*-rSo 5fcl±(7>IEg8Ed£. I» 
3iOm (3) <DgW£SfS-f-<<*<0S£JS5£H 
d (x) <D«^SS-efe^<fcai^ffi-*(*Q ( (- 

d) V2 ) (DgSjb* WrT)l>mo>®&) 4</h*U^B* 
tL, $»p^ 4 * p-1 = d 5 C: 

WGF (p) ±OffiRft8EO j 
I*. d(rJ:yS*4S*«^Hd (X) =0<Dp%7£t 
LtzM j 0 lc«fcy#*.t> 

[006 1] JbtB j 0 * j =F«*=**3*H#G F 

(p) ±0*ni«ltGF (p) .LnfiSH-**-**: 

Eo : y 2= x 3+c2xaxx + c3xa (cliGF 

| #E (GF (p) ) -p-1 I 
#E (GF (p) ) COBttl#*ffiffll*. 

q+ 1 -2V"p < #E (GF 

[0 0 6 3] CC-C. E (GF (p) ) *<p-torsion £ 

#E (GF (p) ) =0 (mod p) 

I*. ±&<DmmzmLXl*&^ btft>fr&o <o*y* 
| a p | < 2-Tp 

t&ztt&tf* ccd o) s^afc-ra^cosaap iz 

#L"C\ d = ap2 -4pife<t, GF (p) ±CDtt 

aa^-e7ca>{i3a^p + 1 -ap £JS£*SR&ta*<* q 
(y*d) (d®» (^7^^aa>flift) ffl#fi-r*o 

[0 0 6 5] &fc\ ■W=BL-CI*«*«**fcA. d(= 
±SB (1) ^$5fet--TGF (p) ±0>fllR««36<«l=# 

[0066] E (GF (q) ) 3QCD0 

(Q) =nit^tt, 
(n, p) *1 

ftlM^&Tfc*. tC5t\ ^^-e<D«Rfl®<75ffitiC» 

[0067] L£pL* #J*I*. q = 2r tL E (G F 
(q) ) 3p. O (p) =2» • t ( (2. t) =1) 
fc&Tcp*^— h£ Lfc<t£<DSi£l** 



( P ) 0)T*3fW*> 
Ei : y 2= x 3+ a xx + a 
a = j o / (1728- j 0 > 
C(D5*> pfflOTC^tOtSR&tSI*. 
E1 (GF (p) ) 3X1 * EO (GF (p) ) 3X0 
SfcU. -t#i-€ r *i*pf&Lfci:#«5clc«i:*I55t?ft 

1. ftftlZOL^T. *i6a)»»ttl=J:fiE (GF 
(q) ) 0«»lit»*IBHaft<»^*v*a>*l»Clci*. 
E (GF (p) ) 3P*0 £ pP=oo 

t^^^acGF ( P ) ±-esa*4xfc«Rfi8E/G 
f (p) *»y. ssicBiWMfcBBa)*— («■ 

»T-(DlIte«lc»J6?-&jS) irp-feCU* (torsion ) 
A (pfe-tZhotlzUZA) P*W*fc«fcts -<Z>£ 

«agaic#gfc <p> <t *PR(*t o>mmm *i*^x 

[0 0 6 2] /\^-fe (HasseJCDSSlc.fey. E 

(GF (p) ) (D7cC0<ia(Cli]aT<D$(IEA<fc4c 

< 2V"p - (1) 

(p) ) < p + 1 +2V~P - (2) 

#E (GF (p) ) =npt3&4pIffi1t^fe^o ) 3E 

\z % *(*±dM*Rtt«::BLTI*. *0>K-f — 
(Deur i ng) 0)SaA^ltt" & . 

[0064] #E (GF (p) ) =p+1-apJSt 

«b. ±e/\^-ba>£ai (1) I* 

»• (3) 

(IBM *) 

Q = x P& -5 x «, 

MS) 

eA t : E [2< t] xE [2> t] ► V At = 

£ j/<DT»*=?0>Ali2l ) o 

[0068] <2i p> ±a>«t«»*Ba*# 

2 I P = P' 

2l Q = Q' fcL. *"*\ Q' =x f P' fc£x' * 

##>&o ::-e, o (p' ) =t (t, 2) = 1 £ 
y. -^i^j-Set ^sat^c 

e t : E [t] XE [t] >$i t = HOlSfil 

CG F (qk ) 
(GF (qk ) |*GF (q) G> k *&*{*) 

J:ot, x' liWK#±a>fit»»SaP4a*»<Ctirc*: 

y*^^*L^o 

[0069] o (Q-x' P) =2l *y 
Q — x ' PS < t P> 

mz. 

s . t P = Q— x' P 
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fcSse {1 . 2 I -1 } 
[007 0] Ctltt. **1**R*<DJM»MeB«*» 

< cfclcttSQ-C. S»I=*L*.*. w*vl±Hlrai<0"An 
improved algorithm for computing logarithms over G 
F(p)and its cryptographic signif icance'l^PLt^,, 
q= (s t + x' ) P 

■c) 

ttnattalfllkftKliMl 

E (GF (q) ) 3Pt <P> 9Q*^btlfcl$ 
xP = Q tS«QS**5 (q = p r ) 

pa 

o (P) =nife<. 

1. („, pl^Ott.-Ji^^Wfi^* 

2. (n, p) =p©t# 

n = pK I fcfi< ( ( I . P) =D 

| #E (GF (p) ) -p-1 I 
.•.p + l-2-Tp £ #E 

K=1 fc3Et4a)l*/N-ybfl>M*yWS> ' = 

[007 3] 2 p ^ p + 1 +2V"p 
p-1 g 2V"p 
p2-2p+1-4p S 0 
p <i 3+V (9-D =3 + 27" 2 
p < 5 

2-2. I ='\<J>k.'£ 

2-i.fcy. iitGF ( P ) ±<D»Rffitre<&n§-^£# 

#E (GF (p) ) =P <J)i^. 3Sfc«¥5i:*< 
fc^Ct *o"C. tt* #E (GF 

( P ) ) =ptta^mmnoi^^^^^' 

[0074] p : %R 
GF (p) : p®<D7t£%*3^K<* ■ 
E/GF (p) : GF (p) ±*«4*tfc #E < GF 

(p) ) =p £'S<5filHffi&o 

G1 : E (GF (p) ) <D&kO>*>T!#Vyt 

(E (GF (p) ) . Gl ) I^EDLPtl*. E 
(Fp) 3 QI-jtJLT Q=xGl *iix^l+ 

P Ittttf. 

5. 



2— 1 . I 5* 1 # 

**o*s*. <«■ *> «>*ai=*"*"c (pK p> <n 

JMMtMMtfK . 

[007 1] P k Q=x' pK P 

jfeirp«ir*a<D7ja. (M *> o>mm\~^-c 

Q — x ' P = i ' IP i =0- P K _1 

*. pi*^4^**ta*^ *w=«*i=«i.***« 

#GF (q) lip = 2*vpl***t*MI=IR6*l-C<« 

*lir.**o.fc3!::Ei4i&*i.-ci*4fl>-c*#. ^a>»* 
[oo7 2] ■ p*<*#^*»cot#. ±&aaafcn 

SCDlittEftUGF (p) ***TJ:tS 
^ 2/"p 

(GF (p) ) ^ p + 1 +27" p 

[O 0 7 5] iaT*B£*BaLfc#&*tS«0>*>RS» 

v^-'J-" . y-f^-iA1 1 0. ->a.^'J> 
#-*j£*tr. = 3.-3-* 1 986* (S. Lang. 
"Algebraic number theory " , GT1I110. Springer-Verl 
ag New York. 1986 ) «MW*t; i 
L-ci*. x*. "x'J^r;9 ^^-> 

3 >X". T-r-f V>-7i^^ 1 97 3* (S. Lan 
g, "Elliptic functions" . Addi son-Wesley, 1973) 1= 

[O 0 7 6] <DJESftda>»je*T?^' 
lESS&d*. Jtn&fcQ ( (-d) V2 ) 

A<1 (OSSf©*^ 1 9*dit5. -HI*. &ro3tS8p 

ggttf 1 aft;:***'? < *iESISt LTI*«I=. 1 . 
2. 3. 7. 11- 4 3 » 6 7 * 16 3<0 9llA < fcy- 
®Sa2C0*^l*$O<«»iESSI-l±1 O. 15. 2^ 

tti=n-r *»» * e* l. t ^»<o*i-e * n-c * . 
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£&l*o -r?S^*>. Willi* 1. 2. 7CDi§£l:ili4 * 
p-1=d*¥*a £ftfc1-*»*<#£Lfcl*«, ) 

f»p£, 4 *p-i=d*^»t45cl:5l:(!:So 

p =23520860746468351934891841623 

4* p -1=19* (1451 * 48496722383) 2 
tte&<z>v3zft£ffitzi- 0 (**>\ 3O«TffS0)*a^ 
O*(7>(i§^l::3fctf)b*t£>o ccofctf)^S4 * P - 1 
= d * <t 5 *fcfc-f f&ai*. BlTflllRtt 

KCDtf^ia*a>P«TWSaJi^fclt^^;u> (Brun) 
AMzn^'J (Selberg ) <7)^51^0>;£&£<E££ Rltfc 



LfcttdCKiO (nl/2/log n) -efe5 5£/\— T-f 
(Hardy) y 1 9 2 3 6ita!*;h/Cl**. fc 

OBMSHd (x) (DpJSt LfcS£#£>£X7^;/ 

d = 1 9<Dt$* 

H19 (x) =x + 884736 

t t£&<DV p LfcJRI** 

x =—8 84736 (mod p) 

[00 7 7] ®»ni«EOftgXf*^ 
Hd (x) 0>p*atLfc<**J««H=*O*|B(«:G 
F (p) £3eWtf=4p-?4ftnattE(** GF (p) f^I? 



E 1 : y2= x 3+i 85691 0058931 71 1 9948598822307x+990352031 4302463972586038632 
E 2 : y2= x 3+1 85691 0058931 71 1 9948598822307x+1 361 73404321 65887962305802991 



s-tsnffifgEi <dgf ( P ) ±<D7tvmf$.zixz>mE.\ 

(GF (p) ) <D7L(D<1»#E1 (GF (p) ) ttUvT 
*L*^pl=ft L J. <&*3!) < P + 2lr/d:4 0 (i=1. 2) 

pl^ft^^^^^pffiKOTcSto^RffiSlCTS^o §6 
piM^t^b, E1 (GF (p) ) ±0>^7ttm:tj: 
#E1 (GF (p) ) fcp*<SlMr*^ftlMDT?»»tt 
[0 0 7 8] zoitztb. ttH{t±a>mMKMai::»» 
«ei (gf (p) ) ±a>ttdkHftnBa)Bli1£l=S^ 

(2) ±^niem»GF (2n ) ld#*,_tl:f* 

±a>««-c*«fliRfti8a>«»^iB&ti*- 

[0 0 7 9] **B*)I±« fiSaMkplzJiLTtifRtttt 



Ita* *ft<i*ntf^ha>*»a>*tt±«E^r*a> 

***fr3fc. GF (2) ±(0«Ri8Jtt*(*GF 
(2n ) |=J»*±ff 4fcL^5*»-C«*-r*fc»* #« 
lc*£lxa<D*IBa#S?£g#L. »*l=«*oTMt#« 

[0 0 8 0] *$£Uf3ii. Hi60!ia>*rK(*G f (p) ±0> 

«Rffi»El #E1 (GF (p) ) = 

CDHS6«I*IEB» d * 1 9£LTfro*:*<. C*il*45ld 

«©a^*<*Q ( (-d) 1/2 ) (D5sa^'h*<ft^ck 
fc-r*«pi*±a5a>*tt«i*:i*-ettttL^a>-c. tecossa 
[0081] ztii &LT\~m7*-r d = 1 1 a)a-& 

(2) »pO«Xf^ 

p=1 0000000000006978450061 4201 61 9 
4p-1=1 1*1 9069251 78491852 

(3) §S£Jg5£Hd (x) (OpJStLfcB 
H 1 1 (x) =x+ (25) 3 

x=- (25) 3 



(4) 

E1 : y 2= x 3+6465821 9202538723546673861 491 x+61 71 902951 948093571 605785264 

G1 = (0, 68651835839797874780406584328) 

Et 

E2 : y2= x 3+44235072938757883609925867087x+8052647251 78723614921 94455488 
G2= (1 66975881 261 71 207059471 759083, 505581 3521 2291 88281 40451 64247) 
Z<Dt$. E1^«ft*pi0)5cttoflmifl[ 4p-1 =43*964485644341 152 

d = 43(Z>i»^ (3) S^JSaHdfl)pS^i:Lfcg 

(2) *Sp0>£fjtX-r*^ H43 (x) =x+ (26*3*5) 3 

p=1 000000000000675537843902071 69 x = - (26*3*5) 3 



(14) 
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El : y 2= x 3 +2 4557754467536921 75795481 8421 x+4041058957344978236766021 9353 
G1 = (265854949502231 34888454565943. 31 2091 830435595741 70523404221 ) 
E2:y2=x3 + 69866461751524010602318419904x+17027175709313123626175488922 

62= (0 2237484821 4481 41 425981 1 67851 8) 
= <Dfc#. E 1 **»*p"««>***0«H«MI 4p-1=67*7726674092864l2 
d = 67CD*^ ( 2 5*3*5*1 D 3 

(2) asp©***^?* "I 7 )ll x+ ; 2 3 

p=1 0000000000003991 49061 56290257 * — 12 

E 1 (4 y Lx3 + 9802217915287010094180357754x + 86872543342359746381224718825 
G1=(87207836128793306663103094884. 62397242280665662684542866784) 
E2 : y 2= x 3 +4 06461 60753795093333095479225x+6444082801 90961 1 2476624894792 
G2= (0. 23587 1 58762484987674589379428) 

CO>t$. E 2****P«©***^*PHM 4 p-1=163*495377404618292 

«^ (3) S#*SCHd<Dp«*i:Ufc«? 

d = 163roJ» B H 1 6 3 (x) =x+ (26* 3 * 5* 23 * 29) 3 

p=1OO0OO000OO008885O197895528571 x=_(2 '* 3 * 5 " 

E1 ? y L x 3 + 69539837553085885644029440781x + 21802102936259342347911085254 
G1 = (0 1 297 1 9387051 91 70835 1 900354586) 

E2 - y 2L x 3 + 43531628057513197797823922759x + 63587736557778697031371252331 
G2= (27229586870506933835795892372, 7702158417267369660619109104) 



|-3S5|-r S*f6Wa>3£t60« 2 \zti\-t we 
fe*. -tL-C. ^<DS*I* C5l^ro?fS] -eiftBLfc© 

;Ul§-^|::-3l^TI«E:£a> "A course innumber theory a 
nd cryptography" < Si^&HT^S. (ffiRffl 

YB =xB Gl 

$sm;-r-&. t-t?. a.—- y=Bi*xB sssatL'cs 

[0083] <3>Bt^fl; 

AAn&B^EI (GF (p) ) <D5cTife£¥:*M£ifc& 

C1 =kGl 

C 2 =M+kYB 
AC4BI-C1 . C2 S8IC CO C3] 5£<Dj£ 

5J££-tls]l§£jji-f. *@l=fc^-C. 1 l*2itSa>«T-t 

l*2ii»ftS^-Ct^o 

M+ xB CI =C2 
SCM3. C2D . C3D . C4J ©l^*l«)a»*E 

! (GF (p) ) -tfT=b*U ¥*M. Y B . Pi 
ffi@El (GF (p) ) ±0)7tt-?&„ 

[OOB6] ca>^saBg^s«**<oS^l±i*. 

^<»3lffi«1 -CflMtLfeWiaSEl OE1 (GF 
(p) ) C07CG1 *K-X#-f >r-fr*»tk«»B« 



±K3?t6«1 l^yjRto&ftfc^RBttGF (p) JiS« 
$tlfc«nft^El £E1 (GF (p) ) <OtcG1 it 
-5. C<D£#E1 tGl A^COTBt^iCro^M'lt^fe 

[0082] <2>a±lifc 

TA E1 (G F (p) ) ±T? 

- CD 

jm-r-s*^^*.*. Aiis&si-s»-efc*>a»k£ 

[0 0 8 4] 

- [23 

- [3D 

[0 0 8 5] €>tS^ 

B(*e#fc*l-r* < fcl^'Cl< % *> x B *»t*-C*« *tr»U"C 

... [4 ] 

©BSSI=«#L-Ct^- - WE 1 (GF (p) ) ±© 
, (GF (p) ) t ptfSlMZjft-CfctVDT?**^** 
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[0087] ftfc. w©i§#a>**3Hff ^imzm. 

(r x . ry ) <Dr x ^ffifflLtfcy. r x A^&R 

(r x . ry ) £&#nT<lt;&tS® 3: ti<D £ L. 

Tl^-S. CflJ.fco'StSait LTI*0?S.tf. ry =± (r 
x 3 + a*r x + b) S+1 (7lA7-(BSI) 

( r) =1. +(Dt#i;i*cu (r) = otisy«at>fc 

_tT?(Dc u (R) tf&So 

trox-fc*. cani^. fiUl2m2iiffiC!iicfcit4x 

10-5. CCD±-C. %«ttS#l*Ci 4:C2 
>bM<l>&^&mit. M+xb Ci =C2 tl^omM&fr 

[oo8 8] skcoji*. mmmmommmmt 1 *p 

fcU 1^SI-»®«c3IO^«#I*xb £3ESU -ffc 

i-iit?-i:i=«fcy. «saro«y^tx^- 
ca>«^. itrtEm2Hffie!iizfcMt*xB i*, fts>**i;«> 

&mmz®1£&® UTlSlt-C ft47-f $ □ a > fcfa-* 
tVT R"3#fl)'M©THfy 3 >BWS&©^ft<D8£lsrl 
SUI=8lTP>4xfc*-*ll=£L&£ftS*-l-BKMK*a 

[0 0 8 9] dOtzlb. m&lt. C(D/Mf l/fva> 

TRccroB*&ia$a&£g<iit-r£o ctucfcyTutrtt 

W&r>%0>1 << *? P3>tfa.— $*<M+ xB Ci =C2 
[0 0 9 0] Jil-t. *5§ipl£5it60iJI-£'3#iftiSL-C# 



*S8Elira*±IEStJ£0!ll=KSS*V>Sl*<Dli2)It 
■e&S. -r**5*,Wjlii. BiSiMli=J3ivc» 4 p- 

i = d t<cs*ai*^Hi»siii-#s-ri)fc 

ft. ^Rffl^litecDtO-rJt cfct^o ^ggJSfllirfcl'* 

Ti*l\, -Tfcfr*.. "Ataa— tfA. BI4«->5rxA . 
xB £»£U fflSlCYA =xB Gl tYB =xB Gl 
^SS<D±YAB=xB YA =xA Yfi £&&tHt UTI 

[009 1] *fc, im&SOBi^Mb. «-^I*1h1K (/\ 
— K) Ml=&-ra>i*tt<. *Sfl-*«£flEfflL-Cft# 

RB£<5F*vf. S*. BKaircfc9Tt»J:l\> 
[0 0 9 2] 

fcl*o 

©sctf-v h»a>5£8tt:±a>8iRttf£i£ggi=iHrc'# 

[0 0 9 3] tt^5Ja»*<fc*. ttl^TI*. ^BUiHIIH 
[0®<DfS5mfcifti!in 

[0 1 ] 1S*mgi::«Si£«tt$EUD#^@l=«fc-&l&ffij£ 

«©iss$*-ro 

o>mmi7fr-t. T^jt^©2i±ctLA<s^.e>+ir 

[03] *SRffifa±OT8<DftD&£ijt-f. 

■t. 
■r. 

[06] xftwonfawi icfcits^Rtt^^ffl^fc^ 
[0 7] **wrosits«2icfcit-s^Rft®$fflt^=^ 
[08] ±&M2mffi.mtztn-tz,mnisit£comf&m-c$> 

So 

[^OlftlB] 

i 2ii»fflrow-hiffflws 
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A— y-o irL c> 










fe4fct8 L q(2) 










a - 


a -1Kb 




a(4) 


b(8) 




g a =o((niod p) 


g h = $ (mod p) 




(5) 


(3) 




fi ^ 









k = j8 a (modp) k=cX b (mod p) 




(5) (4) 







rue] 






IS fa 


h = 1012 




1 




k = 100 2 






® 


® 


<3> 


2 


10 12 


1012 


101 




X 10 02 


+ 1002 


f 100 




1 0 1 0 02 


10012 


001 





[04] 



ill =• ^X^X *ft <n 
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[0 3] 
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[08] 



AD 



AO 



AO 



k Y B 
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1. 

2. 

3. 
4. 



[06] 



r 
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[07] 



E l (GF(p))3G 1 




Y B =X B G 1 *** 



ft M 



C 2 =M+kY 3 



